Debian Bug report logs - #668309
samba: remote code execution (CVE-2012-1182)

version graph

Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>;

Reported by: Yves-Alexis Perez <corsac@debian.org>

Date: Tue, 10 Apr 2012 20:54:45 UTC

Severity: critical

Tags: security

Found in version samba/3.6.3-2

Fixed in version 2:3.6.4-1

Done: Christian PERRIER <bubulle@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#668309; Package src:samba. (Tue, 10 Apr 2012 20:54:47 GMT) Full text and rfc822 format available.

Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Tue, 10 Apr 2012 20:54:47 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Yves-Alexis Perez <corsac@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: samba: remote code execution (CVE-2012-1182)
Date: Tue, 10 Apr 2012 22:54:14 +0200
Source: samba
Version: 3.6.3-2
Severity: critical
Tags: security
Justification: root security hole

Hey,

samba team just released an advisory for a remote code execution (as
root) : https://www.samba.org/samba/security/CVE-2012-1182

Please package 3.6.4 for sid/testing and backport 3.5.14 fixes to
squeeze when possible.

Thanks in advance,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#668309; Package src:samba. (Wed, 11 Apr 2012 06:48:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Wed, 11 Apr 2012 06:48:05 GMT) Full text and rfc822 format available.

Message #10 received at 668309@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Yves-Alexis Perez <corsac@debian.org>, 668309@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#668309: samba: remote code execution (CVE-2012-1182)
Date: Wed, 11 Apr 2012 07:18:52 +0200
[Message part 1 (text/plain, inline)]
Quoting Yves-Alexis Perez (corsac@debian.org):
> Source: samba
> Version: 3.6.3-2
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> Hey,
> 
> samba team just released an advisory for a remote code execution (as
> root) : https://www.samba.org/samba/security/CVE-2012-1182
> 
> Please package 3.6.4 for sid/testing and backport 3.5.14 fixes to
> squeeze when possible.


Jelmer Vernooij was working on it during last weeks and packages
should hit unstable and stable-security very soon.

Jelmer, do you confirm?

I'll also work on fixing 3.6 backports in squeeze-backports.


[signature.asc (application/pgp-signature, inline)]

Reply sent to Christian PERRIER <bubulle@debian.org>:
You have taken responsibility. (Thu, 12 Apr 2012 06:21:08 GMT) Full text and rfc822 format available.

Notification sent to Yves-Alexis Perez <corsac@debian.org>:
Bug acknowledged by developer. (Thu, 12 Apr 2012 06:21:08 GMT) Full text and rfc822 format available.

Message #15 received at 668309-done@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Yves-Alexis Perez <corsac@debian.org>, 668309-done@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#668309: Bug#668309: samba: remote code execution (CVE-2012-1182)
Date: Thu, 12 Apr 2012 08:18:27 +0200
[Message part 1 (text/plain, inline)]
Version: 2:3.6.4-1


Jelmer fixed that issue in unstable with the upload of samba 3.6.4

[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 May 2012 07:33:12 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:56:15 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.